<?php
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//
// DLMan by Shedd Technologies International		  				//
// http://www.dlman.com | info@dlman.com							//
// Copyright 2003 by STI, All rights reserved.						//
// ---------------------------------------------------------------- //
// Usage of this software is governed by the terms of GPL. 	    	//
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//

require_once("../global.php");
require_once("../uis.php");
require_once("../config.php");
require_once("../functions.php");
require_once("pcrypt.php");
$SYSTEM_NAME=$config->cs['title'];
$PAYPAL_ACCOUNT=$config->cs['paypal_account'];//PAYPAL ACCOUNT NAME
$SCRIPT_URL=$config->cs['script_url'];//TRAILING SLASH!
$IMAGE_URL=$config->cs['paypal_imageurl'];//SSL REC!
$PAYPAL_RURL=$config->cs['paypal_rurl'];//REFERRAL URL FOR PAYPAL
$_2CHECKOUT_ACCOUNT=$config->cs['2checkout_account'];//2CheckOut.com Seller #
$_2CHECKOUT_DEMO=$config->cs['2checkout_demo'];//Demo Mode? (Y or N)
$PFL_ACCOUNT=$config->cs['payflowlink_account'];//PAYFLOW LINK ACCOUNT ID
$PFL_PARTNER=$config->cs['payflowlink_partner'];//PAYFLOW LINK PARTNER ID
$AUTHORIZENET_ACCOUNT=$config->cs['authorizenet_login'];//AUTHORIZE.NET ACCOUNT
$AUTHORIZENET_TXNKEY=$config->cs['authorizenet_transkey'];//AUTHORIZE.NET TRANSACTION KEY

//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
//////////////////////////////////////////////////////////
/************************	I	************************/
if(!isset($completed)){
	header("Location: $PHP_SELF?completed=1\\");
	exit;
}
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
else{
	//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
	//////////////////////////////////////////////////////////
		/************************	I	************************/
		//CHOOSE PRODUCT(S)
		if($completed==1){
			ob_start();
			?>
			<table cellspacing="0" cellpadding="2" border="0">
			<form name="signup" action="<?php print $PHP_SELF; ?>" method="post">
			<tr>
			    <td>
						<input type="hidden" name="completed" value="2">
						<!--ALPHABETICAL ORDER!!-->
						<select class="prefinput" name="product_id[]" multiple size="10">
							<?php
								//onchange="toggleBox(this.selectedIndex,1);"
								print proddrop(); 
							?>
						</select>
				</td>
			    <td valign="top" align="left">
					<?php
						/*
						<div ID="1" class="layer">
							<b>Test</b>
						</div>
						*/
						//print descrps();
					?>
					<div><i>Use SHIFT or CTRL to select multiple items.  <!--Click a single product to view the description below.--></i></div>
				</td>
			</tr>
			<tr><td colspan="2" align="center"><input type="submit" value="Continue --&gt;"></td></tr>
			</form>
			</table>
			<?php
			$content=ob_get_contents();
			ob_end_clean();
		
			ob_start();
			print sheader();
			$data = parse(template("orderproducts"));
			$data = addslashes($data);
			eval("echo stripslashes(\"$data\");");
			print $config->copypow;
			print footer();
			$final=ob_get_contents();
			ob_end_clean();
			print $final;
		}
		//////////////////////////////////////////////////////////
		/************************	II	************************/
		//confirm order
		elseif($completed==2){
			//check to make sure that a product has been selected
			$backl='<a href="'.$PHP_SELF.'?completed=1">Back</a>';
			
			if($key!=encrypt($product_p)){
				die("Invalid Price Data!");
			}
			
			if(isset($product_idb)){
				$product_id=explode(",",$product_idb);
				$product_qtya=explode(",",$product_qty);
				$product_p=explode(",",$product_p);
			}
			elseif(isset($product_id)){
				if(count($product_id)==0) die("You must select a product to continue.&nbsp;$backl");
			}
			else{
				die("You must select a product to continue.&nbsp;$backl");
			}
			
			$count=0;
			$k_set="";
			foreach($product_id as $file_id){
				if($k_set!="")$k_set.=",";
				$k_set.=(sprintf("%.2f",$product_p[$count]).$file_id);
				$count++;
			}
			//if($key2!=encrypt($k_set)){
			//	die("Invalid Match!<br>$key2<br>$k_set<br>".encrypt($k_set));
			//}
			
			ob_start();
			?>
			<script language="JavaScript" type="text/javascript">
				//show status bar messages
				function statusbar(statusmsg){
					window.status=statusmsg
					return true
				}
				//end show status bar message function
			</script>
				<form name="signup" action="<?php print $PHP_SELF; ?>" method="post">
				<table cellspacing="0" cellpadding="2" border="0" align="center">
				<tr>
					<td colspan="5" align="center">Email: <input type="text" name="ouser"></td>
				</tr>
				<tr>
				    <td align="center"><b>Product</b></td>
				    <td align="center"><b>Price</b></td>
				    <td align="center"><b>Quantity</b></td>
					<td align="center"><b>Subtotal</b></td>
					<td></td>
				</tr>
			<?php
			$count=0;
			foreach($product_id as $file_id){
				$sql="SELECT * FROM ".$config->dt['files']." WHERE id='".$file_id."'";
				$result=mysql_query($sql);
				$file=mysql_fetch_array($result);
				?>
				<tr>
				    <td align="center"><?php print $file['name']; ?></td>
				    <td align="center">$<?php print $file["cost"]; ?><input type="hidden" name="a<?php print $file['id'];?>p" value="<?php print $product_p[$count]; ?>"></td>
				    <td align="center"><input type="hidden" name="a<?php print $file['id'];?>q" value="<?php print $product_qtya[$count]; ?>"><?php print $product_qtya[$count]; ?></td>
					<td align="center">$<?php print sprintf("%.2f",($file["cost"]*$product_qtya[$count])); ?></td>
					<td align="center"><a href="#" onclick="window.open('../order/lview.php?lid=<?php print $file['license']; ?>', 'newwindow', config='height=400, width=400, toolbar=no, menubar=no, scrollbars=yes, resizable=yes, location=no, directories=no, status=no')" onMouseover="return statusbar('View License')" onMouseout="return statusbar('')">View License</a></td>
				</tr>
				<input type="hidden" name="product_id[]" value="<?php print $file['id'];?>">
				<?php
				$count++;
			}//end foreach
			?>
				<tr><td colspan="5"><br><b>Choose Your Payment Processor:</b></td></tr>
				<?php
				if($config->cs['paypal_allow']=="on"){
				?>
					<tr>
					<td colspan="5">
						<input type="radio" name="paysys" value="paypal" class="nobg">PayPal -
						<small>See <a href="<?php print $PAYPAL_RURL; ?>" target="_blank">www.paypal.com</a> for information</small>
					</td>
					</tr>
				<?php
				}//end paypal
				if($config->cs['2checkout_allow']=="on"){
				?>
					<tr>
					<td colspan="5">
						<input type="radio" name="paysys" value="2checkout" class="nobg">2Checkout -
						<small>See <a href="http://www.2checkout.com" target="_blank">www.2checkout.com</a> for information</small></td>
					</td>
					</tr>
				<?php
				}//end 2checkout
				?>
				<?php
				if($config->cs['payflowlink_allow']=="on"){
				?>
					<tr>
					<td colspan="5">
						<input type="radio" name="paysys" value="payflowlink" class="nobg">VeriSign PayFlow Link -
						<small>See <a href="http://www.verisign.com" target="_blank">www.verisign.com</a> for information</small></td>
					</td>
					</tr>
				<?php
				}//end payflowlink
				?>
				<?php
				if($config->cs['authorizenet_allow']=="on"){
				?>
					<tr>
					<td colspan="5">
						<input type="radio" name="paysys" value="authorizenet" class="nobg">Authorize.Net -
						<small>See <a href="http://www.authorize.net" target="_blank">www.authorize.net</a> for information</small></td>
					</td>
					</tr>
				<?php
				}//end authorize.net allow
				?>
				<tr><td align="right" colspan="5"><br><input type="submit" value="Continue --&gt;"></td></tr>
				</table>
				<input type="hidden" name="completed" value="3">
				</form>
				<div align="center">
				<form action="shopping%20cart%5B1_1_2%5D/cart/cart.php" method="post">
				<input type="submit" value="<-- Edit Cart">
				</form>
				</div>
			<?php
			$content=ob_get_contents();
			ob_end_clean();
			
			ob_start();
			print sheader();
			$data = parse(template("orderconfirm"));
			$data = addslashes($data);
			eval("echo stripslashes(\"$data\");");
			print $config->copypow;
			print footer();
			$final=ob_get_contents();
			ob_end_clean();
			print $final;
		}//end completed=2
		//////////////////////////////////////////////////////////
		/************************	III	************************/
		// login 
		elseif($completed==3)
		{
			ob_start();
				if(!isset($paysys)){
				dieform2("You must set a payment method!",$content,2,$product_id);
			}
			if(!isset($ouser)||$ouser==""){
				dieform2("You must provide an email address!",$content,2,$product_id);
			}
			foreach($product_id as $file_id){
				$qv="a".$file_id."q";
				if($$qv==0){
					dieform2("You must set quantity!",$content,2,$product_id);
				}
				?>
				<input type="hidden" name="product_id[]" value=<?php echo $file_id; ?>>
				<input type="hidden" name="a<?php echo $file_id; ?>q" value=<?php $tempasdf="a".$file_id."q";echo $$tempasdf; ?>>
				<input type="hidden" name="a<?php echo $file_id; ?>p" value=<?php $tempp="a".$file_id."p";echo $$tempp; ?>>
				<?php 
			} ?>
			<input type="hidden" name="paysys" value=<?php echo $paysys; ?>>
			<input type="hidden" name="completed" value="5">
			<?php
			$content=ob_get_contents();
			ob_end_clean();
			
			ob_start();
			print sheader();
			//$sql="SELECT email from ".$config->table['user']." where ".$config->field['username']." = '$ouser'";
			$sql="SELECT ".$config->field['email']." FROM ".$config->table['user']." WHERE ".$config->field['username']."='".$ouser."'";
			$result=mysql_query($sql);
			$numrows=mysql_num_rows($result);
			$data = parse(template($numrows==0?"new2_memberregistration":"new2_orderlogin"));
			$data = addslashes($data);
			eval("echo stripslashes(\"$data\");");
			print $config->copypow;
			print footer();
			$final=ob_get_contents();
			ob_end_clean();
			print $final;
		}//end III
		//////////////////////////////////////////////////////////
		/************************	VI	************************/
		/*elseif($completed==4)
		{
			ob_start();
			if(!isset($paysys)){
				dieform2("You must set a payment method!",$content,2,$product_id);
			}
			if(!isset($ouser)||$ouser==""){
				dieform2("You must provide an email address!",$content,2,$product_id);
			}
			foreach($product_id as $file_id){
				$qv="a".$file_id."q";
				if($$qv==0){
					dieform2("You must set quantity!",$content,2,$product_id);
				}
				?>
				<input type="hidden" name="product_id[]" value=<?php echo $file_id; ?>>
				<input type="hidden" name="a<?php echo $file_id; ?>q" value=<?php $tempasdf="a".$file_id."q";echo $$tempasdf; ?>>
				<input type="hidden" name="a<?php echo $file_id; ?>p" value=<?php $tempp="a".$file_id."p";echo $$tempp; ?>>
			<?php } ?>
			<input type="hidden" name="paysys" value=<?php echo $paysys; ?>>
			<input type="hidden" name="completed" value="5">
			
			<?php
			$content=ob_get_contents();
			ob_end_clean();
			
			ob_start();
			print sheader();
			$sql="SELECT * FROM ".$config->table['user']." WHERE ".$config->field['username']." = '$ouser'";
			$result=mysql_query($sql);
			$numrows=mysql_num_rows($result);
			$data = parse(template($numrows==0?"new2_memberregistration":"new2_orderlogin"));
			$data = addslashes($data);
			eval("echo stripslashes(\"$data\");");
			print $config->copypow;
			print footer();
			$final=ob_get_contents();
			ob_end_clean();
			print $final;
		}//end VI
		*/
		//////////////////////////////////////////////////////////
		/************************	V	************************/
		//RELAY ORDER
		elseif($completed==5){
			ob_start();
			foreach($product_id as $file_id){?>
				<input type="hidden" name="product_id[]" value=<?php echo $file_id; ?>>
				<input type="hidden" name="a<?php echo $file_id; ?>q" value=<?php $tempasdf="a".$file_id."q";echo $$tempasdf; ?>>
			<?php } ?>
			<input type="hidden" name="paysys" value=<?php echo $paysys; ?>>
			<input type="hidden" name="ouser" value=<?php echo $ouser;?>>
			
			<?php
			$content=ob_get_contents();
			ob_end_clean();
			
			
			if(isset($add))
			{
				if(!isset($paysys)){
					dieform("You must set a payment method!",$content,3);
				}
				if(!isset($password) or $password==''){
					dieform("You must set a password!",$content,3);
				}
				if(!isset($ouser) or $ouser==''){
					dieform("You must include an email address!",$content,3);
				}
				if($password!=$password2){
					dieform("Entered Passwords DO NOT match!",$content,3);
				}
				$result=mysql_query("SELECT * FROM ".$config->table['user']." WHERE ".$config->field['username']." = '$ouser';");
				$rows=mysql_numrows($result);
				if($rows>0){
					dieform("Username is in use!",$content,3);
				}
				//generate SQL
				$result="";
				if($config->password=="md5") $password2=md5($password2);
				$err=false;
				//get user id & increment
				$rfix=mysql_query("SELECT MAX(".$config->field['userid'].") AS uid FROM ".$config->table['user']);
				$vfix=mysql_fetch_array($rfix);
				//insert user
				if(!$result=mysql_query("INSERT INTO ".$config->table['user']." (`".$config->field['userid']."`, `".$config->field['username']."`, `".$config->field['password']."`, `".$config->field['email']."`, `".$config->field['joindate']."`) VALUES ('".($vfix['uid']+1)."', '".htmlspecialchars($ouser)."', '".$password2."', '".strip_tags($ouser)."', '".time()."');"))
					dieform("Error in updating data: ".mysql_error(),$content,3);
				?><br><br><div align="center">
				<STRONG><FONT face=Verdana size=2>You have been registered.</FONT></STRONG>
				<?php
			}
			elseif(isset($login))
			{
				if($config->password=="md5") $password=md5($password);
				$sql="select * from ".$config->table['user']." WHERE ".$config->field['username']."='$ouser' and ".$config->field['password']."='$password'";
				$result=mysql_query($sql);
				if(mysql_num_rows($result)==0)
					dieform("Incorrect Username or Password",$content,3);
			}
			ob_start();
			$times=time();
			//calculate order variables
			$iname="$SYSTEM_NAME Purchase";
			$inum="AUTOMATED_PURCHASE$times";
			$icost=0;
			$custom_val="";
			
			//get user's id
			$sql="SELECT ".$config->field['userid'].",".$config->field['email']." FROM ".$config->table['user']." WHERE ".$config->field['username']."='$ouser'";
			$result=mysql_query($sql);
			$val=mysql_fetch_array($result);
			echo '<table cellspacing="0" cellpadding="2" border="0" align="center">';
			echo '<tr><td>Product Name: </td><td>Quantity: </td><td>Price: </td></tr>';
			//loop for each product
			foreach($product_id as $file_data){
				//explode data stored as file_id|quantity
				//$file_data_arr=explode("|",$file_data);
				$q="a"."$file_data"."q";
				$q=$$q;
				$file_id=$file_data;
				$file_q=$q;
				$p="a"."$file_data"."p";
				$p=$$p;
				
				//get file information
				$sql="SELECT * FROM ".$config->dt['files']." WHERE id='".$file_id."'";
				$result=mysql_query($sql);
				$file=mysql_fetch_array($result);
				//calculate total purchase cost
				$cost=sprintf("%.2f",($p*$file_q));
				$icost+=$cost;
				echo "<tr><td>",$file['name'],"</td><td>$file_q</td><td>$cost</td></tr>";
				
				//loop for each quantity of file_id
				for($i=1;$i<=$file_q;$i++){
					//store preliminary order for each file ordered (seperate ones in case of multiple quantities)
					$sql="INSERT INTO ".$config->dt['transactions']." (id,txn_id, timestamp,update_timestamp, payer_email, item_name, num_cart_items, quantity, file_id, uid, status) VALUES ('','','".$times."','','".$val[$config->field['email']]."','".$file['name']."','1','1','".$file_id."','".$val[$config->field['userid']]."','PENDING');";
					
					//enter information
					if($result=mysql_query($sql)){
						$id=mysql_insert_id();
						$custom_val.="$id|";
					}
					else{
						print "There was an error in processing your order.  Please go back and try again.<br>".mysql_error();
					}
				}//end for
			}//end foreach
			echo "<tr><td></td><td><b>Total:</b></td><td><b>",printf("%.2f",$icost),"</b></td></tr></table>";
		
		//relay order to paypal
		if(($config->cs['paypal_allow']=="on")&&($paysys=="paypal")){
		?>
			<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
				<input type="hidden" name="bn" value="DLMan.DLMan">
				<input type="hidden" name="cmd" value="_xclick">
				<input type="hidden" name="custom" value="<?php print substr($custom_val,0,strlen($custom_val)-1); ?>">
				<?php //<input type="hidden" name="quantity" value="0"> ?>
				<input type="hidden" name="business" value="<?php print $PAYPAL_ACCOUNT; ?>">
				<input type="hidden" name="item_name" value="<?php print $iname; ?>">
				<input type="hidden" name="item_number" value="<?php print $inum; ?>">
				<input type="hidden" name="amount" value="<?php printf("%.2f",$icost); ?>">
				<input type="hidden" name="image_url" value="<?php print $IMAGE_URL; ?>">
				<input type="hidden" name="no_shipping" value="1">
				<input type="hidden" name="return" value="<?php print $SCRIPT_URL; ?>order/thanks.php">
				<input type="hidden" name="cancel_return" value="<?php print $SCRIPT_URL; ?>order/cancel.php">
				<input type="hidden" name="no_note" value="1">
				<input type="hidden" name="notify_url" value="<?php print $SCRIPT_URL; ?>order/paypal.ipn.php">
				<input type="hidden" name="currency_code" value="USD">
				<input type="image" src="https://www.paypal.com/images/x-click-but2.gif" border="0" name="submit" alt="Make Payment">
			</form>
		<?php
		}//end paypal
		if(($config->cs['2checkout_allow']=="on")&&($paysys=="2checkout")){
			/*
				x_action=%action%
				x_amount=%amount%
				x_product_id=%x_produc_id%
			*/
		?>
			<form action="https://www.2checkout.com/cgi-bin/Abuyers/purchase.2c" method="post">
				<input type="hidden" name="x_Receipt_Link_URL" value="<?php print $SCRIPT_URL; ?>order/2Checkout.php">
				<input type="hidden" name="x_login" value="<?php print $_2CHECKOUT_ACCOUNT; ?>">
				<input type="hidden" name="x_amount" value="<?php printf("%.2f",$icost); ?>">
				<input type="hidden" name="x_invoice_num" value="<?php print substr($custom_val,0,strlen($custom_val)-1); ?>">
				<input type="hidden" name="x_Email" value="<?php print $val[$config->field['email']]; ?>">
				<?php
				//demo mode?
				if($_2CHECKOUT_DEMO=="Y"){
				?>
				<input type="hidden" name="demo" value="Y">
				<?php
				}//end demo check
				?>
				<input type="image" src="https://www.paypal.com/images/x-click-but9.gif" border="0" name="submit" alt="Make Payment">
			</form>
		<?php
			}//end 2Checkout
		if(($config->cs['authorizenet_allow']=="on")&&($paysys=="authorizenet")){
		?>
			<form action="https://secure.authorize.net/gateway/transact.dll" method="post">
				<?php
				include("shopping%20cart%5B1_1_2%5D/cart/order/simlib.php");
				$loginid=$AUTHORIZENET_ACCOUNT;
				$txnkey=$AUTHORIZENET_TXNKEY;
				$cst=sprintf("%.2f",$icost);
				// Seed random number for security and better randomness.
				srand(time());
				$sequence=rand(1,1000);
				// Insert the form elements required for SIM by calling InsertFP
				$ret=InsertFP($loginid,$txnkey,$cst,$sequence,"");
				?>
				<input type="hidden" name="x_Login" value="<?php print $AUTHORIZENET_ACCOUNT; ?>">
				<input type="hidden" name="x_Amount" value="<?php printf("%.2f",$icost); ?>">
				<input type="hidden" name="x_Invoice_Num" value="<?php print substr($custom_val,0,strlen($custom_val)-1); ?>">
				<input type="hidden" name="x_Show_Form" value="PAYMENT_FORM">
				<input type="hidden" name="x_Relay_Response" value="True">
				<input type="hidden" name="x_Relay_URL" value="<?php print $SCRIPT_URL; ?>order/Authorizenet.php">
				<input type="hidden" name="x_Email" value="<?php print $val[$config->field['email']]; ?>">
				<input type="image" src="https://www.paypal.com/images/x-click-but9.gif" border="0" name="submit" alt="Make Payment">
			</form>
		<?php
			}//end Authorize.net
		if(($config->cs['payflowlink_allow']=="on")&&($paysys=="payflowlink")){
		?>
			<form method="POST" action="https://payflowlink.verisign.com/payflowlink.cfm">
				<input type="hidden" name="LOGIN" value="<?php print $PFL_ACCOUNT; ?>">
				<input type="hidden" name="PARTNER" value="<?php print $PFL_PARTNER; ?>">
				<input type="hidden" name="AMOUNT" value="<?php printf("%.2f",$icost); ?>">
				<input type="hidden" name="TYPE" value="S">
				<input type="hidden" name="DESCRIPTION" value="Purchase from <?php print $config->cs['title']; ?>">
				<input type="hidden" name="INVOICE" value="<?php print substr($custom_val,0,strlen($custom_val)-1); ?>">
				<input type="hidden" name="ECHODATA" value="True">
				<input type="hidden" name="EMAILCUSTOMER" value="True">
				<input type="hidden" name="SHOWCONFIRM" value="True">
				<input type="hidden" name="USER1" value="<?php print $PFL_ACCOUNT; ?>">
				<input type="hidden" name="USER2" value="PUR">
				<input type="image" src="https://www.paypal.com/images/x-click-but9.gif" border="0" alt="Make Payment">
			</form>
			<!--<input type="hidden" name="EMAIL" value="<?php print $val[$config->field['email']]; ?>">
			<input type="hidden" name="ORDERFORM" value="True">-->
		<?php
			}//end payflowlink
			$content=ob_get_contents();
			ob_end_clean();
			
			ob_start();
			print sheader();
			$data = parse(template("orderfinal"));
			$data = addslashes($data);
			eval("echo stripslashes(\"$data\");");
			print $config->copypow;
			print footer();
			$final=ob_get_contents();
			ob_end_clean();
			print $final;
		}//end completed=4
	//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
}//end completed set
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
//FUNCTIONS
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
/*
	Creates a post form that maintains data through errors
*/
function dieform($message,$content,$redir)
{
	die("<form action=\"$PHP_SELF\" method=\"post\">
		$content
		<input type=\"hidden\" name=\"completed\" value=$redir>
		$message<br>
		<input type=\"submit\" value=\"<-- Back\">");
}
function dieform2($message,$content,$redir,$productid)
{
	die("<form action=\"cart.php\" method=\"post\">
		$content
		<input type=\"hidden\" name=\"completed\" value=$redir>
		$message<br>
		<input type=\"submit\" value=\"<-- Back\">");
}
/*
	Parse the template and replace variables with values
*/
function parse($code){
	global $PHP_SELF,$config,$content,$ouser;
	$code=str_replace("{furl}",$config->cs['forum_url'],$code);//$url
	$code=str_replace("{url}",$config->cs['forum_url'],$code);//$url
	$code=str_replace("{rurl}",$config->cs['forum_url'].$config->page['registration'],$code);//$url
	$code=str_replace("{title}",$config->cs['title'],$code);//$title
	$code=str_replace("{site}",$config->cs['forum_title'],$code);//$site
	$code=str_replace("{PHP_SELF}",$PHP_SELF,$code);//$PHP_SELF
	$code=str_replace("{CONTENT}",$content,$code);//$PHP_SELF
	$code=str_replace("{username}",$ouser,$code);
	return $code;
}

/*
Generates a UNIQUE id that is cross referenced with the transaction table.
*/
function id(){
	global $config;
	//generate id
	while(true){//do until random value is found
		//seed the random numbers using the microsecond seed function
		srand(make_seed());
		//generate random value
		$randval=rand();
		$txn_id=$randval;
		//check that txn_id (UNQIUE TRANSACTION ID) has not been previously processed
  		$sql="SELECT * FROM ".$config->dt['transactions']." WHERE txn_id='".$txn_id."'";
		$result=mysql_query($sql);
		$rows=mysql_num_rows($result);
		if($rows==0)
			break;
	}
	return $txn_id;
}

function login(){
	global $config;
	
	print sheader();
	$data = parse(template("new2_orderlogin"));
	$data = addslashes($data);
	eval("echo stripslashes(\"$data\");");
	print $config->copypow;
	print footer();
}

//generate the contents for the list of products
function proddrop(){
	global $config,$PHP_SELF;
	ob_start();//start content buffer
	$sql="SELECT * FROM ".$config->dt['files']." WHERE permissions='paid' AND purchase='on' ORDER BY name";
	$result=mysql_query($sql);
	while($v=@mysql_fetch_array($result)){
		?>
			<option value="<?php print $v['id']; ?>"><?php print $v['name']; ?> ($<?php print $v['cost']; ?>)</option>
		<?php
	}
	$content=ob_get_contents();//store content to global buffer var
	ob_end_clean();
	return $content;
}//end function

//generate the layers for product descriptions
function descrps(){
	global $config,$PHP_SELF;
	ob_start();//start content buffer
	$sql="SELECT * FROM ".$config->dt['files']." WHERE permissions='paid' AND purchase='on' ORDER BY name";
	$result=mysql_query($sql);
	while($v=@mysql_fetch_array($result)){
	?>
		<div ID="<?php print $v['id']; ?>" class="layer">
			<b><?php print htmlspecialchars($v['description']); ?></b>
		</div>
	<?php
		//<input type="button" onClick="toggleBox('print $v['id'];',0);" value="Hide Div">
	}
	$content=ob_get_contents();//store content to global buffer var
	ob_end_clean();
	return $content;
}//end function
?>
